Platform Docs

Clover Development Basics

NOTE

Create a developer account at sandbox.dev.clover.com/developers. Enter and verify your email address. This will create a developer account for you, as well as a test merchant account.

We’ve created a sample inventory file that will help you get started with your test merchant. Use the dashboard inventory app to import this file.

A Clover web app is a browser-based integration that uses our REST API utilizing OAuth to create a secure connection to your web app. Web apps redirect a merchant from the Clover dashboard to a developer’s URL. Clover web apps offer a seamless experience that enables merchants to connect services through a central hub.

Clover web apps create an alternate integration path for scenarios where a native, on-device experience may not be appropriate. Clover developers have used our OAuth protocol for reporting, analytics, e-commerce integrations, etc.

The following web development guidelines are designed to help you produce high-quality apps with a smooth development and launch process. These foundations can help your apps provide the kind of excellent merchant experiences that attract and keep loyal subscribers.

Security

Familiarize yourself with basic web security principles. The Open Web Application Security Project (OWASP) offers several resources that will help you get started:

Merchant Data

  • Because the Clover API allows access to a database, you will need to follow the security standards for database access.
  • Web applications should access the Clover API using server-to-server requests when possible.
  • You must securely store any data that your own services cache.

Limiting Client Access

  • Customer and employee-facing apps must prevent unauthorized users from accessing privileged data, including the Clover credentials your app uses.
  • Use secure logins and session tracking if needed.
  • Server logic should prevent unauthorized access to data by injection attacks.
  • Any data passed to the client in any format should be considered vulnerable.

Clover Integration

  • Make it easy for merchants to login. The URL for your web app should launch the login flow, not navigate to the general home page for your business.
  • Include your Web URL prior to submission and test it with an example OAuth request.
  • All apps must be mobile-friendly.

Clover Development Basics


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.